NumPy

registry: PyPI
package name: numpy
maintainer: NumPy Contributors

NumPy is the foundational numerical computing library for Python, providing multi-dimensional array objects and a broad set of mathematical functions. It is the implicit dependency of virtually every Python data science and machine learning package. Even packages that do not import NumPy directly often link against its C extension headers at build time.

api usage

Checking NumPy

numpy 1.26.4 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=numpy&version=1.26.4" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "numpy",
  "version": "1.26.4",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

attack surface

Why this package is monitored

Universal transitive dependencies are targeted for their broad reach: a malicious publish to NumPy would affect essentially every Python data science, ML, and scientific computing environment in a single update cycle.

Attestd monitors numpy using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
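The following is an added example, not Attestd's own client or code, showing how a CI install gate would consume the check response documented above together with the per-source confidences listed for the three detection sources. It builds the check URL from a pinned requirement line, classifies a parsed response as allow, block or unknown (an unsupported product/version is deliberately kept distinct from a verified-clean one), and refuses anything it cannot verify. The numpy response is the clean one shown on this page; "example-pkg" and its compromised record are constructed for the example, and the assumption that entries of "sources" are the source names listed here is not documented on the page.

```python
"""Gate pinned Python requirements on Attestd check responses (added example)."""
import re
from urllib.parse import urlencode

# Endpoint shown on the page; the caller adds the Bearer token header when fetching.
API_BASE = "https://api.attestd.io/v1/check"

# Per-source confidence values as documented for numpy on this page.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Matches an exactly pinned requirement such as "numpy==1.26.4".
_PINNED = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def build_check_url(requirement):
    """Turn a pinned requirement line into the check URL.

    Returns None for comment lines, blank lines and unpinned specifiers
    (e.g. 'requests>=2.0'), which cannot be checked against a single version.
    """
    m = _PINNED.match(requirement)
    if not m:
        return None
    product, version = m.group(1).lower(), m.group(2)
    return API_BASE + "?" + urlencode({"product": product, "version": version})


def evaluate(check):
    """Classify one parsed check response as ('allow'|'block'|'unknown', confidence).

    'unknown' means Attestd does not cover this product/version ("supported": false),
    which a strict gate must not confuse with a verified-clean result.
    ASSUMPTION (not documented on the page): when "compromised" is true, each entry
    of "sources" is one of the source names listed on the page; the reported
    confidence is the highest confidence among them.
    """
    if not check.get("supported", False):
        return "unknown", 0.0
    sc = check.get("supply_chain") or {}
    if not sc.get("compromised", False):
        return "allow", 0.0
    confidence = max((SOURCE_CONFIDENCE.get(s, 0.0) for s in sc.get("sources", [])),
                     default=0.0)
    return "block", confidence


def gate_requirements(lines, responses):
    """Return (requirement, reason) pairs a CI gate should refuse to install.

    `responses` maps check URLs to already-parsed JSON bodies (fetched by the
    caller, or constructed as below so this runs offline). Unpinned lines and
    unknown versions are refused too: the gate only passes what it has verified.
    """
    refused = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        url = build_check_url(line)
        if url is None:
            refused.append((line.strip(), "unpinned"))
            continue
        verdict, confidence = evaluate(responses.get(url, {}))
        if verdict != "allow":
            refused.append((line.strip(), f"{verdict} (confidence {confidence:.2f})"))
    return refused


# Constructed sample responses. The numpy one is the clean response shown on this
# page; "example-pkg" is a made-up package with a made-up compromised record
# (risk_state omitted because the page only documents the value "none").
SAMPLE_RESPONSES = {
    build_check_url("numpy==1.26.4"): {
        "product": "numpy", "version": "1.26.4", "supported": True, "risk_state": "none",
        "supply_chain": {"compromised": False, "sources": [], "malware_type": None,
                         "description": None, "advisory_url": None,
                         "compromised_at": None, "removed_at": None},
        "last_updated": "2026-05-01T00:00:00Z",
    },
    build_check_url("example-pkg==9.9.9"): {
        "product": "example-pkg", "version": "9.9.9", "supported": True,
        "supply_chain": {"compromised": True, "sources": ["osv", "pypi_yank"],
                         "malware_type": "EXAMPLE-ONLY", "description": "constructed sample",
                         "advisory_url": None, "compromised_at": None, "removed_at": None},
        "last_updated": "2026-05-01T00:00:00Z",
    },
}

# Constructed requirements file exercising every verdict the gate can produce.
SAMPLE_REQUIREMENTS = [
    "# constructed requirements file",
    "numpy==1.26.4",
    "example-pkg==9.9.9",
    "requests>=2.0",     # unpinned: cannot be checked against one version
    "other-pkg==1.0.0",  # no response available: treated as unknown, not clean
]

if __name__ == "__main__":
    for req, reason in gate_requirements(SAMPLE_REQUIREMENTS, SAMPLE_RESPONSES):
        print(f"REFUSED {req}: {reason}")
```

The design choice worth noting is fail-closed handling: an empty or unsupported response yields "unknown" and is refused, so a network failure or an uncovered package never silently passes as clean, and the confidence only annotates a block rather than lowering it, since the lowest documented source confidence (0.80) is still well above any sensible install threshold.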

related